| author | Linus Torvalds <torvalds@linux-foundation.org> | 2025-12-03 09:53:48 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2025-12-03 09:53:48 -0800 |
| commit | 121cc35cfb55ab0bcf04c8ba6b364a0990eb2449 (patch) | |
| tree | 323e2b393e0c49692ff45e03c5767b6dc54848e0 /security/loadpin/loadpin.c | |
| parent | 7fc2cd2e4b398c57c9cf961cfea05eadbf34c05c (diff) | |
| parent | 9a948eefad594c42717f29824dd40d6dc0b7aa13 (diff) | |
Merge tag 'lsm-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm

Pull LSM updates from Paul Moore:

- Rework the LSM initialization code

  What started as a "quick" patch to enable a notification event once
  all of the individual LSMs were initialized, snowballed a bit into a
  30+ patch patchset when everything was done. Most of the patches, and
  diffstat, is due to splitting out the initialization code into
  security/lsm_init.c and cleaning up some of the mess that was there.
  While not strictly necessary, it does clean up the code significantly,
  and hopefully makes the upkeep a bit easier in the future.

  Aside from the new LSM_STARTED_ALL notification, these changes also
  ensure that individual LSM initcalls are only called when the LSM is
  enabled at boot time. There should be a minor reduction in boot times
  for those who build multiple LSMs into their kernels, but only enable
  a subset at boot.

  It is worth mentioning that nothing at present makes use of the
  LSM_STARTED_ALL notification, but there is work in progress which is
  dependent upon LSM_STARTED_ALL.

- Make better use of the seq_put*() helpers in device_cgroup

* tag 'lsm-pr-20251201' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/lsm: (36 commits)
lsm: use unrcu_pointer() for current->cred in security_init()
device_cgroup: Refactor devcgroup_seq_show to use seq_put* helpers
lsm: add a LSM_STARTED_ALL notification event
lsm: consolidate all of the LSM framework initcalls
selinux: move initcalls to the LSM framework
ima,evm: move initcalls to the LSM framework
lockdown: move initcalls to the LSM framework
apparmor: move initcalls to the LSM framework
safesetid: move initcalls to the LSM framework
tomoyo: move initcalls to the LSM framework
smack: move initcalls to the LSM framework
ipe: move initcalls to the LSM framework
loadpin: move initcalls to the LSM framework
lsm: introduce an initcall mechanism into the LSM framework
lsm: group lsm_order_parse() with the other lsm_order_*() functions
lsm: output available LSMs when debugging
lsm: cleanup the debug and console output in lsm_init.c
lsm: add/tweak function header comment blocks in lsm_init.c
lsm: fold lsm_init_ordered() into security_init()
lsm: cleanup initialize_lsm() and rename to lsm_init_single()
...
Diffstat (limited to 'security/loadpin/loadpin.c')
| -rw-r--r-- | security/loadpin/loadpin.c | 13 |
1 files changed, 7 insertions, 6 deletions
diff --git a/security/loadpin/loadpin.c b/security/loadpin/loadpin.c index 68252452b66c..273ffbd6defe 100644 --- a/security/loadpin/loadpin.c +++ b/security/loadpin/loadpin.c @@ -270,11 +270,6 @@ static int __init loadpin_init(void) return 0; } -DEFINE_LSM(loadpin) = { - .name = "loadpin", - .init = loadpin_init, -}; - #ifdef CONFIG_SECURITY_LOADPIN_VERITY enum loadpin_securityfs_interface_index { @@ -434,9 +429,15 @@ static int __init init_loadpin_securityfs(void) return 0; } -fs_initcall(init_loadpin_securityfs); +#endif /* CONFIG_SECURITY_LOADPIN_VERITY */ +DEFINE_LSM(loadpin) = { + .id = &loadpin_lsmid, + .init = loadpin_init, +#ifdef CONFIG_SECURITY_LOADPIN_VERITY + .initcall_fs = init_loadpin_securityfs, #endif /* CONFIG_SECURITY_LOADPIN_VERITY */ +}; /* Should not be mutable after boot, so not listed in sysfs (perm == 0). */ module_param(enforce, int, 0); |
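Review bot: the `.name = "loadpin",` line removed in the first hunk (@@ -270,11 +270,6) has no visible replacement in this file's diff. The relocated definition uses `.id = &loadpin_lsmid,` instead, and `loadpin_lsmid` is defined outside the lines shown, so it is worth confirming that the name the framework matches against at boot now comes from that structure, and saying so in the per-patch commit message.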
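Review bot: a short comment is missing above the relocated `DEFINE_LSM(loadpin)` in the second hunk (@@ -434,9 +429,15). Replacing `fs_initcall(init_loadpin_securityfs);` with `.initcall_fs = init_loadpin_securityfs,` means, per the merge description, that the securityfs setup now runs only when loadpin is enabled at boot, and the definition had to move below the CONFIG_SECURITY_LOADPIN_VERITY block because it references `init_loadpin_securityfs`. Noting both in a comment would explain the move. The two back-to-back `#endif /* CONFIG_SECURITY_LOADPIN_VERITY */` markers that result are also easy to misread; a distinct trailing comment on the one inside the initializer would help.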
